Search Results for "xss"
Sort By:
Showing 155 open source projects for "xss"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Stop vibe-debugging.AppSignal's MCP server hands Claude, Cursor, or Zed your real errors, traces, and the deploy that shipped them. AI writes the fix; you review the diff.
-
1
ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters
ezXSS is an open-source XSS (Cross-Site Scripting) testing platform designed to help security researchers identify and collect XSS vulnerabilities. It acts as a payload receiver and logger, storing details about triggered XSS attacks such as the user agent, cookies, DOM, and referrer. This tool is highly useful in bug bounty hunting and penetration testing for monitoring and documenting XSS vectors in real-time. -
2
DOMPurify
XSS sanitizer for HTML, MathML and SVG
...We also cover Node.js v14.15.1, v15.4.0, running DOMPurify on jsdom. Older Node.js versions are known to work as well. DOMPurify is written by security people who have vast background in web attacks and XSS. -
3
WAF package for Laravel
Web Application Firewall (WAF) package for Laravel
This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi, RFI, LFI, User Agent, and a lot more. It will also block repeated attacks and send notifications via email and/or slack when an attack is detected. Furthermore, it will log failed logins and block the IP after a number of attempts. Some middleware classes (i.e. Xss) are empty as the Middleware abstract class that they extend does all of the job, dynamically. -
4
Latte
The safest & truly intuitive templates for PHP
The first truly secure and intuitive templates for PHP. The most common critical vulnerability in websites is Cross-Site Scripting (XSS). It allows an attacker to insert a malicious script into a page that executes in the browser of an unsuspecting user. It can modify the page, obtain sensitive information or even steal the user's identity. Templating systems fail to defend against XSS. Latte is the only system with an effective defense, thanks to context-sensitive escaping. ... -
Build Agents and Models on One PlatformGemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
-
5
CodeIgniter 4
Open Source PHP Framework (originally from EllisLab)
CodeIgniter4 is a powerful PHP framework designed for building web applications. It is a next-generation version of the popular CodeIgniter framework, offering enhanced features and improved performance. CodeIgniter4 follows the MVC (Model-View-Controller) pattern and is built to be lightweight, with a focus on simplicity and speed. It comes with a rich set of libraries and tools for developing dynamic web applications. -
6
HtmlSanitizer
Cleans HTML to avoid XSS attacks
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. It uses AngleSharp to parse, manipulate, and render HTML and CSS. Because HtmlSanitizer is based on a robust HTML parser it can also shield you from deliberate or accidental "tag poisoning" where invalid HTML in one fragment can corrupt the whole document leading to broken layout or style. In order to facilitate different use cases, HtmlSanitizer can be customized at several levels. ... -
7
Parsedown
Better markdown parser in PHP
...Safe mode does not necessarily yield safe results when using extensions to Parsedown. Extensions should be evaluated on their own to determine their specific safety against XSS. -
8
Django
The Web framework for perfectionists with deadlines
Django is a high-level, free and open-source Python web framework founded on the Model–Template–View (MTV) pattern, designed to facilitate rapid development of secure, maintainable, and scalable database-driven websites. First, read docs/intro/install.txt for instructions on installing Django. Next, work through the tutorials in order (docs/intro/tutorial01.txt, docs/intro/tutorial02.txt, etc.). If you want to set up an actual deployment server, read docs/howto/deployment/index.txt for... -
9
react-markdown
Markdown component for React
React component to render markdown. This package is a React component that can be given a string of markdown that it’ll safely render to React elements. You can pass plugins to change how markdown is transformed and pass components that will be used instead of normal HTML elements. -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
10
Fluent Reader
Modern desktop RSS reader built with Electron, React, and Fluent UI
Fluent Reader is a local, cross-platform news aggregator with a fresh look. Bring all your favorite sources with you and read distraction-free. Stay in sync with Inoreader, Feedbin, or services compatible with Fever or Google Reader API. Alternatively, import your sources from an OPML file and read them locally. Easily organize sources with groups. Move between computers with full data backups. Enjoy your content like never before with the built-in article view for RSS full text tailored to... -
11
SafeLine
Serve as a reverse proxy to protect your web services from attacks
...A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. ... -
12
Strapi
API creation made simple, secure and fast
Strapi is the most advanced open-source headless CMS for creating powerful and customizable APIs with no effort. Built with 100% JavaScript, Strapi lets you easily create self-hosted, customizable, and performant content APIs. Strapi projects can be hosted on any platform of your choice, and you can work with any database you prefer. All your favorite dev tools-- from static site generators and databases to hosting platforms work with Strapi, so you're never locked in. Strapi is designed... -
13
HTMLPurifier for Laravel
HTMLPurifier for Laravel 5/6/7/8/9/10/11
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications. Tired of using BBCode due to the current landscape of deficient or insecure HTML filters? Have a WYSIWYG editor but have never been able to use it? ... -
14
Framework Benchmarks
Source for the TechEmpower Framework Benchmarks project
...The current tests exercise plaintext responses, JSON serialization, database reads and writes via the object-relational mapper (ORM), collections, sorting, server-side templates, and XSS counter-measures. Future tests will exercise other components and greater computation. -
15
ModSecurity Nginx Connector
ModSecurity v3 Nginx Connector
...It integrates WAF processing into the NGINX request/response phases, allowing rules to inspect headers, bodies, and even streaming request data before it reaches upstream apps. Operators can load the OWASP Core Rule Set or custom rules to detect and block common attacks such as SQLi, XSS, RCE patterns, and protocol anomalies. The module exposes directives for enabling audit logging, anomaly scoring, request body buffering limits, and performance tuning to fit high-traffic deployments. Because it’s a native NGINX module, it benefits from NGINX’s event-driven architecture and can be compiled as a dynamic module for flexible packaging. ... -
16
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
17
jsoup
Java library for working with real-world HTML
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do. jsoup is designed to deal with all varieties of HTML found in the wild; from pristine and validating, to invalid tag-soup; jsoup will create a sensible parse tree. The parser will make... -
18
Phlex
Object-oriented views in Ruby
Phlex is a Ruby-based framework for building HTML and SVG views using object-oriented programming principles, offering a unique alternative to traditional template systems like ERB. It allows developers to write UI components entirely in Ruby, providing full control over structure, logic, and rendering without mixing HTML and templating syntax. One of its key advantages is performance, as it can render HTML extremely quickly while maintaining predictable scaling even with complex component... -
19
reconFTW
Automated framework for domain reconnaissance and vulnerability scans.
reconFTW is an open source automated reconnaissance framework created for security researchers, penetration testers, and bug bounty hunters. The tool streamlines the reconnaissance phase of security assessments by orchestrating numerous specialized tools to gather intelligence about a target domain. It performs multiple discovery and analysis tasks such as subdomain enumeration, OSINT collection, and vulnerability scanning in an automated workflow. The framework integrates many external... -
20
Digna Web Scanner
A tool to check web apps for vulnerabilty
...Open Ports: Detects open ports on the target web server to understand its potential attack surface. Content Security Policy (CSP): Checks if the website has a properly configured CSP to mitigate XSS and other injection RCE -
21
Scanner of Death is a network vulnerability scanner.
-
22
Hullu Vulnerable System
Pentesting OVA, suits VMware or VirtualBox
...Pre-installed Tools and Services: + Web Stack: - Python3 + Flask - Apache2 with HTTPS - PHP + MySQL (MariaDB) - phpMyAdmin - FlaskVA (Python-based vulnerable app) https://github.com/kaledaljebur/FlaskVA - DVWA (PHP-based vulnerable app) https://github.com/digininja/DVWA + Protocols Simulated: - HTTP / HTTPS - SSH / SFTP - SMB (under constructions) - DNS (under constructions) - FTP / FTPS (under constructions) + In FlaskVA (Python-based): - SQL Injection - Command Injection - File Upload (with SUID exploit vector) - XSS - SSRF - IDOR This is the first version of Hullu, more details are coming. Please contact me if you have any questions or suggestions. Regards, Kaled Aljebur. -
23
Neiki's Markdown Editor
Live Markdown editor with real-time GitHub-styled preview
...The editor includes a modern toolbar, keyboard shortcuts, dark/light theme switching, export to .md, and mobile-friendly interface. It is designed for simplicity, performance, and safe rendering with built-in XSS protection. -
24
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
25
waymap
Waymap is a fast and optimized web vulnerability scanner
...Features Overview Latest Update v5.2.1 New Sql Injection Scanning Module High Accuracy And Less False Positive Access it using: --scan sqli v5.3.1 Added Boolean Based Sqli Testing (OWN LOGIC) High Accuracy, Can Give False Positive Sometimes Access it using: --scan sqli Waymap Features Vulnerability Scanning Modules: SQL Injection (SQLi) Command Injection Server-Side Template Injection (SSTI) Cross-Site Scripting (XSS) with filter bypass payload testing Local File Inclusion (LFI) Open Redirect Carriage Return and Line Feed (CRLF) Cross-Origin Resource Sharing (CORS) Critical and High-Risk Scan Profiles using CVE exploits (32 CVEs: WordPress - 19, Drupal - 4, Joomla - 7, Generic/Others - 2)
